Learn how Prisma Access Explicit Proxy identifies users.
Explicit Proxy identifies users in the traffic logs
dependent on how the users authenticate with the proxy, as shown
in the following table.
Authentication Type
User Identification in Traffic Logs
Users that are logged in using SAML authentication
and decryption
The username.
Users that are logged in from another proxy
that uses X-Authenticated-User (XAU) headers
XAU header information.
Explicit Proxy
only allows traffic from specific IP addresses to use XAU for authentication.
You create an address object and specify
the IP addresses where you allow XAU for authentication; then, add
the address object in the
To
help identify traffic that is coming from authenticated users in
cases where browsers cannot send cookies or perform authentication
redirection, such as CORS requests, Explicit Proxy adds the
swg-authenticated-ip-user
to
the traffic logs.
Undecrypted traffic (if you have allowed
Explicit Proxy to allow undecrypted traffic from IP addresses where
users have previously authenticated)
The
swg-authenticated-ip-user
user.
You
can specify Explicit Proxy to allow undecrypted traffic from IP
addresses where users have authenticated; to do so, specify
Decrypt
traffic that matches existing decryption rules; for undecrypted
traffic, allow traffic only from known IPs registered by authenticated
users
